Loading ...
Sorry, an error occurred while loading the content.

Re: Setting up SPF in Postfix for sending

Expand Messages
  • btb@...
    ... interesting. thank you for calling attention to this. -ben
    Message 1 of 9 , Aug 16, 2013
    • 0 Attachment
      On Aug 16, 2013, at 15.06, Scott Kitterman <postfix@...> wrote:

      > I wouldn't bother. It has only very limited deployment and is proposed for removal in the revision to RFC 4408 that is about to enter IETF last call.

      interesting. thank you for calling attention to this.

      -ben
    • Hans Spaans
      ... You may want to check thread 9.3.3 - SPF record checks from May 30 2013 on the bind-users mailinglist. Hans
      Message 2 of 9 , Aug 17, 2013
      • 0 Attachment
        Scott Kitterman schreef op 2013-08-16 21:06:
        > btb@... wrote:
        >> On Aug 16, 2013, at 01.56, Rob Tanner <rtanner@...> wrote:
        >>
        >>> What is it, besides adding the correct the DNS TXT records
        >>
        >> as there is a formal dns rr type for spf defined in rfc4408, you'll of
        >> course want to include that as well.
        >
        > I wouldn't bother. It has only very limited deployment and is proposed
        > for removal in the revision to RFC 4408 that is about to enter IETF
        > last call.

        You may want to check thread "9.3.3 - SPF record checks" from May 30
        2013 on the bind-users mailinglist.

        Hans
      • Scott Kitterman
        ... He s wrong about what most SPF libraries do. Most don t query for the RR type at all, but we ll see how the IETF last call works out. It is a matter of
        Message 3 of 9 , Aug 17, 2013
        • 0 Attachment
          On Saturday, August 17, 2013 12:16:03 Hans Spaans wrote:
          > Scott Kitterman schreef op 2013-08-16 21:06:
          > > btb@... wrote:
          > >> On Aug 16, 2013, at 01.56, Rob Tanner <rtanner@...> wrote:
          > >>> What is it, besides adding the correct the DNS TXT records
          > >>
          > >> as there is a formal dns rr type for spf defined in rfc4408, you'll of
          > >> course want to include that as well.
          > >
          > > I wouldn't bother. It has only very limited deployment and is proposed
          > > for removal in the revision to RFC 4408 that is about to enter IETF
          > > last call.
          >
          > You may want to check thread "9.3.3 - SPF record checks" from May 30
          > 2013 on the bind-users mailinglist.

          He's wrong about what most SPF libraries do. Most don't query for the RR type
          at all, but we'll see how the IETF last call works out. It is a matter of
          some controversy.

          Thanks,

          Scott K
        • Michael Grimm
          On 16.08.2013, at 08:50, Titanus Eramius wrote: [DNS] ... Hmm, I used to have just that configuration in my DNS for more than a year, but
          Message 4 of 9 , Aug 17, 2013
          • 0 Attachment
            On 16.08.2013, at 08:50, Titanus Eramius <titanus@...> wrote:

            [DNS]

            > I tend to simply use "v=spf1 mx -all" since my setup is simple, but you
            > can see the entire syntax here http://www.openspf.org/SPF_Record_Syntax

            Hmm, I used to have just that configuration in my DNS for more than a year,
            but very recently I got some rejections upon delivery of mails from my
            published mx records (mx1.my-domain.tld and mx2.my-domain.tld) in DNS stating:

            | An SPF-enabled mail server rejected a message from a mail server claiming
            | to be mx1.my-domain.tld.
            |
            | An SPF-enabled mail server received a message from mx1.my-domain.tld (1.2.3.4)
            | from a mail server claiming to be mx1.my-domain.tld.
            |
            | The domain mx1.my-domain.tld has not published an SPF policy. It is possible
            | that the receiving mail server refuses all mail from domains that do not have
            | an SPF policy.

            I do understand http://www.openspf.org/SPF_Record_Syntax that the "mx" in
            "v=spf1 mx -all" will tell: "Accept mail from *any* published mx of a given
            domain", right?

            For he time being (before I really do understand SPF) I'm back to run DNS
            without SPF, shrug.

            Regards,
            Michael
          Your message has been successfully submitted and would be delivered to recipients shortly.